Due to upstream changes in how sudo 1.7.3 handles group membership checks, the patch used to correct bug #235915 (sudo can't always correctly determine group memberships) was incorrectly rediffed, making sudo in Fedora once again vulnerable to CVE-2009-0034 (incorrect handling of groups in Runas_User).
Statement:
Not vulnerable. This issue did not affect the versions of sudo as shipped with Red Hat Enterprise Linux 4, 5, or 6.